We seem to have run into an issue in PS5 where juju autoload-credentials (with a valid sourced novarc) fails with invalid cloud prodstack5, but running juju add-credential and pasting the values manually succeeds.
We ran into this when granting a user "add-model". The existing model was created by the admin user and access granted, so was using an admin credential eg admin/stg-enablement-jenkins which the user does not have access to - add-model fails here on the credential which is expected.
The user then, with novarc sourced, runs juju autoload-credentials which fails:
juju autoload-credentials
This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to add a credential to:
1. client only (--client)
2. controller "prodstack-is-beta" only (--controller prodstack-is-beta)
3. both (--client --controller prodstack-is-beta)
Enter your choice, or type Q|q to quit: 3
Looking for cloud and credential information on local client...
Looking for cloud information on controller "prodstack-is-beta"...
1. openstack region "prodstack5" project "${OS_TENANT_NAME}" user "stg-enablement-jenkins" (new)
2. rackspace credential for user "stg-enablement-jenkins" (new)
Select a credential to save by number, or type Q to quit: 1
Select the cloud it belongs to, or type Q to quit [prodstack5]:
WARNING cloud prodstack5 not valid
1. openstack region "prodstack5" project "${OS_TENANT_NAME}" user "stg-enablement-jenkins" (new)
2. rackspace credential for user "stg-enablement-jenkins" (new)
Select a credential to save by number, or type Q to quit: Q
No credentials loaded to controller prodstack-is-beta.
I'd have expected another option there where project was correctly expanded from the set env var?
We then run the add-credential manually, pasting requested from the novarc which works:
juju add-credential prodstack5
This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to add a credential to:
1. client only (--client)
2. controller "prodstack-is-beta" only (--controller prodstack-is-beta)
3. both (--client --controller prodstack-is-beta)
Enter your choice, or type Q|q to quit: 3
Using cloud "prodstack5" from the controller to verify credentials.
Enter credential name: stg-enablement-jenkins
Regions
prodstack5
Select region [any region, credential is not region specific]: prodstack5
Using auth-type "userpass".
Enter username: stg-enablement-jenkins
Enter password: XXXXXXXXXXXX
Enter tenant-name (optional): stg-enablement-jenkins_project
Enter tenant-id (optional):
Enter version (optional):
Enter domain-name (optional):
Enter project-domain-name (optional):
Enter user-domain-name (optional):
Credential "stg-enablement-jenkins" added locally for cloud "prodstack5".
Controller credential "stg-enablement-jenkins" for user "stg-enablement-jenkins" for cloud "prodstack5" on controller "prodstack-is-beta" added.
For more information, see ‘juju show-credential prodstack5 stg-enablement-jenkins’.
Can you paste your novarc (with secrets redacted).
There's a few variations on a theme that need to be catered for and it seems there's one that Juju doesn't handle.